Rails 4.0.0 (unreleased)

Determine the controller#action from only the matched path when using the
shorthand syntax. Previously the complete path was used, which led
to problems with nesting (scopes and namespaces).
Fixes #7554.

Example:

# this will route to questions#new
scope ':locale' do
get 'questions/new'
end

Yves Senn

Remove support for parsing XML parameters from request. If you still want to parse XML
parameters, please install `actionpack-xml_parser' gem.

Prem Sichanugrist

Remove support for parsing YAML parameters from request.

Aaron Patterson

Add a message when you have no routes defined to both rake routes and
GET "/rails/info/routes" that lets you know you have none defined and links
to the Rails guide on the topic.

Steve Klabnik

Change image_alt method to replace underscores/hyphens to spaces in filenames.

Previously, underscored filenames became alt="A_long_file_name_with_underscores"
in HTML, which is poor for accessibility. For instance, Apple's VoiceOver Utility
pronounces each underscore. A_long_file_name thus would be read as A underscore
long underscore file underscore name. Now underscored or hyphenated filenames
(both of which are very popular naming conventions) read more naturally in
screen readers by converting both hyphens and underscores to spaces.

image_submit_tag will set alt attribute from image source if not
specified.

Nihad Abbasov

Do not generate local variables for partials without object or collection.
Previously rendering a partial without giving :object or :collection
would generate a local variable with the partial name by default.

Carlos Antonio da Silva

Return the last valid, non-private IP address from the X-Forwarded-For,
Client-IP and Remote-Addr headers, in that order. Document the rationale
for that decision, and describe the options that can be passed to the
RemoteIp middleware to change it.
Fix #7979

André Arko, Steve Klabnik, Alexey Gaziev

Do not append second slash to root_url when using trailing_slash: true
Fix #8700

Before:

root_url(trailing_slash: true) # => http://test.host//

After:

root_url(trailing_slash: true) # => http://test.host/

Yves Senn

Allow to toggle dumps on error pages.

Gosha Arinich

Fix a bug in content_tag_for that prevents it from working without a block.

Jasl

Change the stylesheet of exception pages for development mode.
Additionally display also the line of code and fragment that raised
the exception in all exceptions pages.

Guillermo Iguaran + Jorge Cuadrado

Do not append charset= parameter when head is called with a
:content_type option.
Fix #8661.

Yves Senn

Added Mime::NullType class. This allows to use html?, xml?, json?, etc.
when the format of the request is unknown, without raising an exception.

Angelo Capilleri

Integrate the Journey gem into Action Dispatch so that the global namespace
is not polluted with names that may be used as models.

Andrew White

Extract support for email address obfuscation via :encode, :replace_at, and replace_dot
options from the mail_to helper into the actionview-encoded_mail_to gem.

Rename all action callbacks from *_filter to *_action to avoid the misconception that these
callbacks are only suited for transforming or halting the response. With the new style,
it's more inviting to use them as they were intended, like setting shared ivars for views.

is now validating option keys. It accepts: :layout, :partial, :locals and :count.

Roberto Soares

Allow setting a symbol as path in scope on routes. This is now allowed:

scope :api do
resources :users
end

It is also possible to pass multiple symbols to scope to shorten multiple nested scopes:

scope :api do
scope :v1 do
resources :users
end
end

can be rewritten as:

scope :api, :v1 do
resources :users
end

Guillermo Iguaran + Amparo Luna

Fix error when using a non-hash query argument named "params" in url_for.

Before:

url_for(params: "") # => undefined method `reject!' for "":String

After:

url_for(params: "") # => http://www.example.com?params=

tumayun + Carlos Antonio da Silva

Render every partial with a new ActionView::PartialRenderer. This resolves
issues when rendering nested partials.
Fix #8197.

Yves Senn

Introduce ActionView::Template::Handlers::ERB.escape_whitelist. This is a list
of mime types where template text is not html escaped by default. It prevents Jack & Joe
from rendering as Jack &amp; Joe for the whitelisted mime types. The default whitelist
contains text/plain.
Fix #7976.

assert_template is no more passing with what ever string that matches
with the template name.

Before when we have a template /layout/hello.html.erb, assert_template
was passing with any string that matches. This behavior allowed false
positive like:

assert_template "layout"
assert_template "out/hello"

Now it only passes with:

assert_template "layout/hello"
assert_template "hello"

Fixes #3849.

Hugolnx

image_tag will set the same width and height for image if numerical value
passed to size option.

Nihad Abbasov

Deprecate Mime::Type#verify_request? and Mime::Type.browser_generated_types,
since they are no longer used inside of Rails, they will be removed in Rails 4.1.

Michael Grosser

ActionDispatch::Http::UploadedFile now delegates close to its tempfile. Sergio Gil

Add ActionController::StrongParameters, this module converts params hash into
an instance of ActionController::Parameters that allows whitelisting of permitted
parameters. Non-permitted parameters are forbidden to be used in Active Model by default
For more details check the documentation of the module or the
strong_parameters gem

DHH + Guillermo Iguaran

Remove Integration between attr_accessible/attr_protected and
ActionController::ParamsWrapper. ParamWrapper now wraps all the parameters returned
by the class method attribute_names.

Guillermo Iguaran

Log now displays the correct status code when an exception is raised.
Fix #7646.

Sprockets integration has been extracted from Action Pack to the sprockets-rails
gem. rails gem is depending on sprockets-rails by default.

Guillermo Iguaran

ActionDispatch::Session::MemCacheStore now uses dalli instead of the deprecated
memcache-client gem. As side effect the autoloading of unloaded classes objects
saved as values in session isn't supported anymore when mem_cache session store is
used, this can have an impact in apps only when config.cache_classes is false.

Arun Agrawal + Guillermo Iguaran

Support multiple etags in If-None-Match header. Travis Warlick

Allow to configure how unverified request will be handled using :with
option in protect_from_forgery method.

Added controller-level etag additions that will be part of the action etag computation Jeremy Kemper/DHH

class InvoicesController < ApplicationController
etag { current_user.try :id }
def show
# Etag will differ even for the same invoice when it's viewed by a different current_user
@invoice = Invoice.find(params[:id])
fresh_when(@invoice)
end
end

When building a URL fails, add missing keys provided by Journey. Failed URL
generation now returns a 500 status instead of a 404.

Richard Schneeman

Deprecate availability of ActionView::RecordIdentifier in controllers by default.
It's view specific and can be easily included in controllers manually if someone
really needs it. Also deprecate calling ActionController::RecordIdentifier.dom_id and
dom_class directly, in favor of ActionView::RecordIdentifier.dom_id and dom_class.
RecordIdentifier will be removed from ActionController::Base in Rails 4.1.

Piotr Sarnacki

Fix ActionView::RecordIdentifier to work as a singleton. Piotr Sarnacki

Deprecate Template#mime_type, it will be removed in Rails 4.1 in favor of #type.
Piotr Sarnacki

Move vendored html-scanner from action_controller to action_view directory. If you
require it directly, please use 'action_view/vendor/html-scanner', reference to
'action_controller/vendor/html-scanner' will be removed in Rails 4.1. Piot Sarnacki

Fix handling of date selects when using both disabled and discard options.
Fixes #7431.

Vasiliy Ermolovich

ActiveRecord::SessionStore is extracted out of Rails into a gem activerecord-session_store.
Setting config.session_store to :active_record_store will no longer work and will break
if the activerecord-session_store gem isn't available. Prem Sichanugrist

Fix select_tag when option_tags is nil.
Fixes #7404.

Sandeep Ravichandran

Add Request#formats=(extensions) that lets you set multiple formats directly in a prioritized order.

Change a way of ordering helpers from several directories. Previously,
when loading helpers from multiple paths, all of the helpers files were
gathered into one array an then they were sorted. Helpers from different
directories should not be mixed before loading them to make loading more
predictable. The most common use case for such behavior is loading helpers
from engines. When you load helpers from application and engine Foo, in
that order, first rails will load all of the helpers from application,
sorted alphabetically and then it will do the same for Foo engine.

Piotr Sarnacki

truncate now always returns an escaped HTML-safe string. The option :escape can be used as
false to not escape the result.

Li Ellis Gallardo + Rafael Mendonça França

truncate now accepts a block to show extra content when the text is truncated. Li Ellis Gallardo

The select method (select tag) forces :include_blank if required is true and
display size is one and multiple is not true. Angelo Capilleri

Copy literal route constraints to defaults so that url generation know about them.
The copied constraints are :protocol, :subdomain, :domain, :host and :port.

Andrew White

respond_to and respond_with now raise ActionController::UnknownFormat instead
of directly returning head 406. The exception is rescued and converted to 406
in the exception handling middleware. Steven Soroka

Allows assert_redirected_to to match against a regular expression. Andy Lindeman

Allow to lazy load default_form_builder by passing a String instead of a constant. Piotr Sarnacki

Session arguments passed to process calls in functional tests are now merged into
the existing session, whereas previously they would replace the existing session.
This change may break some existing tests if they are asserting the exact contents of
the session but should not break existing tests that only assert individual keys.

Andrew White

Add index method to FormBuilder class. Jorge Bejar

Remove the leading \n added by textarea on assert_select. Santiago Pastorino

Changed default value for config.action_view.embed_authenticity_token_in_remote_forms
to false. This change breaks remote forms that need to work also without javascript,
so if you need such behavior, you can either set it to true or explicitly pass
authenticity_token: true in form options.

Added ActionDispatch::SSL middleware that when included force all the requests to be under HTTPS protocol. Rafael Mendonça França

Adds image_url, javascript_url, stylesheet_url, audio_url, video_url, and font_url
to assets tag helper. These URL helpers will return the full path to your assets. This is useful
when you are going to reference this asset from external host. Prem Sichanugrist

Allow value_method and text_method arguments from collection_select and
options_from_collection_for_select to receive an object that responds to :call,
such as a proc, to evaluate the option in the current element context. This works
the same way with collection_radio_buttons and collection_check_boxes.

Carlos Antonio da Silva + Rafael Mendonça França

Add collection_check_boxes form helper, similar to collection_select:
Example:

Deprecated ActionController::Integration in favour of ActionDispatch::Integration.

Deprecated ActionController::IntegrationTest in favour of ActionDispatch::IntegrationTest.

Deprecated ActionController::PerformanceTest in favour of ActionDispatch::PerformanceTest.

Deprecated ActionController::AbstractRequest in favour of ActionDispatch::Request.

Deprecated ActionController::Request in favour of ActionDispatch::Request.

Deprecated ActionController::AbstractResponse in favour of ActionDispatch::Response.

Deprecated ActionController::Response in favour of ActionDispatch::Response.

Deprecated ActionController::Routing in favour of ActionDispatch::Routing.

check_box helper with disabled: true will generate a disabled
hidden field to conform with the HTML convention where disabled fields are
not submitted with the form. This is a behavior change, previously the hidden
tag had a value of the disabled checkbox. Tadas Tamosauskas

favicon_link_tag helper will now use the favicon in app/assets by default. Lucas Caton

ActionView::Helpers::TextHelper#highlight now defaults to the
HTML5 mark element. Brian Cardarella